Using OneRNG with Linux

We provide some software for you to use to make OneRNG an input to /dev/random via rngd

This is architecture independent - python & shell scripts

… and we don't get involved in your choice of init daemon …

Just plug it in …

UDEV detects the device (using an ID assigned from OpenMoko's range)

On insertion we validate the firmware, then start rngd

On removal we remember to stop rngd for you!

… but never leave me

Increasingly, UDEV implementations make life more complex

No-one seems to bother with UDEV removal scripts

so the mechanism is probably not very well tested

Serial over USB?

USB CDC drivers are the generic USB serial interface

Sadly ModemManager stomps on every one unless you remember
to disable it in UDEV

OneRNG doesn't support Hayes AT commands …

UDEV: ENV{ID_MM_DEVICE_IGNORE}="1"

Wireshark will capture USB traffic if you need it - modprobe usbmon first

Diversion: Why does /dev/random block?

The NSA-designed SHA-1 was not fully "trusted"

The blocking behaviour is a defence against this untrusted DRBG

Ted T'so, 2015 “… the
paranoiacs were *right* that the NSA had introduced a back-door into a
crypto algorithm which they gifted to the civilian world. It just
turned out to be DUAL-EC instead of SHA-1.”